Wind River Support Network

Description

CVE-2016-2776: Assertion Failure in buffer.c While Building Responses to
a Specifically Constructed Request

CVE:               CVE-2016-2776
Document Version:  1.1
Posting date:      2016-09-28
Program Impacted:  BIND
Versions affected: 9.0.x -> 9.8.x, 9.9.0->9.9.9-P2, 9.9.3-S1->9.9.9-S3,
                   9.10.0->9.10.4-P2, 9.11.0a1->9.11.0rc1
Severity:          High
Exploitable:       Remotely

Description:

    Testing by ISC has uncovered a critical error condition which can
    occur when a nameserver is constructing a response.  A defect in the
    rendering of messages into packets can cause named to exit with an
    assertion failure in buffer.c while constructing a response to a
    query that meets certain criteria.

    This assertion can be triggered even if the apparent source address
    isn't allowed to make queries (i.e. doesn't match 'allow-query').

Impact:

    All servers are vulnerable if they can receive request packets from
    any source.

CVSS Score:  7.8
CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C)

Other Downloads

• Wind River Linux 8.0.0.11
• Wind River Linux 8.0.0.12
• Wind River Linux 8.0.0.13
• Wind River Linux 8.0.0.14
• Wind River Linux 8.0.0.15
• Wind River Linux 8.0.0.16
• Wind River Linux 8.0.0.17
• Wind River Linux 8.0.0.18
• Wind River Linux 8.0.0.19
• Wind River Linux 8.0.0.20
• Wind River Linux 8.0.0.21
• Wind River Linux 8.0.0.22
• Wind River Linux 8.0.0.23
• Wind River Linux 8.0.0.24
• Wind River Linux 8.0.0.25
• Wind River Linux 8.0.0.26
• Wind River Linux 8.0.0.27
• Wind River Linux 8.0.0.28
• Wind River Linux 8.0.0.29
• Wind River Linux 8.0.0.30
• Wind River Linux 8.0.0.31
• Wind River Linux 8.0.0.32
• Wind River Linux 8.0.0.33
• Wind River Linux 8.0.0.34

CVEs

• CVE-2016-2776